Wednesday, November 16, 2011

Facebook Porn Attacks: How to Protect Yourself

By Mark W. Smith, Detroit Free Press, November 16, 2011

Many Facebook users have gotten an unexpected eyeful this week as pornographic and violent images have infiltrated news feeds across the globe as part of a coordinated spam attack.

It's a jarring sight for a place like Facebook, which for many is a safe haven to communicate with friends and family members.

Many of the pornographic posts spread just by clicking them.

Curiosity, it appears, has gotten the best of us.

Facebook has struggled to keep up with these spam attacks this year, often left to play a game of virtual whack-a-mole, chasing spammers only after they've left their mark.

"We experienced a coordinated spam attack that exploited a browser vulnerability," Facebook spokesman Andrew Noyes told USA Today. "Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible."

At the center of these sort of attacks is a technique called clickjacking.

These fake links pose as regular Facebook posts, often coming from friends we would normally trust to only post good links. When clicked, a JavaScript command is executed, causing a user's computer to perform a program that spreads the link even farther.

The posts are designed to prey on our most salacious interests.

We've all seen them: Check out the spider under this girl's skin! You won't believe what this dad found on his daughter's computer! I bet you can't watch this video for more than 15 seconds!

These posts can do more than spread on Facebook. They often come armed with malware, which is dropped on the user's computer when clicked.

Malware can often perform other dangerous tasks on our computers such as gaining access to our personal information and passwords.

To report an offensive or spam Facebook post, click the arrow to the right of the post and select "Report story or spam." Doing so will hide it from your newsfeed and also send the report to Facebook.

It's also best to send a separate inbox message to any friend who has fallen victim to a spam attack and let them know that they should change their password and make sure their anti-virus program is running and up to date.

And, if it's a Facebook friend that you don't really need to stay connected with, it's also a good idea to drop them altogether. Often times the intersection between Facebook friends that often get duped by spammers and Facebook friends we don't really know is pretty significant.

It seems Facebook is largely unable to wipe these sort of posts completely from the social network's ecosystem.

So, when in doubt, it's best not to click. Protect yourself and your friends.